An effective cyber attack recovery plan for enterprises

by Oct 4, 2018


In this digital era of rapid technical advancement, security threats are an ever-increasing concern. Cyber crime rates increase every year, so being proactive against security risks by having an effective recovery plan to mitigate any loss is a basic necessity for enterprises of any size.

Let’s look at the steps to be taken to make a cyber attack recovery plan effective.


1) Identifying and containing the cyber attack

As per statistics, enterprises on average identify most attacks only after at least 6 months.

When identifying a cyber attack, the important things to document are: the type of attack, when it took place, how it will affect your customers, what assets were affected, and who the victims are.

To contain and remove the attack, take the following measures:

  1. Separate sensitive data (login information, banking details, etc.).
  2. Remove all files installed by the attack: isolate those files and then investigate them to identify the attacker and the security vulnerabilities.
  3. Disconnect the affected hosts: those hosts will then no longer be available and can no longer be subjected to the cyber attack.
  4. Uninstall and reinstall the affected files to avoid spreading.
  5. Apply the necessary security patches.


2) Preventing cyber security risks in the future

The steps to prevent future cyber security threats are as follows:

1. Have a team of cyber security professionals. Ensure it includes professionals such as:
  • Chief Information Security Officer: brings in the expertise to develop and implement processes that protect all communications, systems and assets.
  • Business management professionals: to plan and implement proper communication with customers and the press, ensuring efficient crisis management and protecting the brand image.
  • Incident response cyber security team: for timely and efficient action on cyber security threats. This team should include people from various departments, such as IT experts, business managers and legal professionals (to provide the right strategy and guidance in case of a cyber security attack, as well as to report the attack), so that it can effectively handle the various aspects of a cyber security attack.

2. Train employees and stay informed about security threats

As per statistics, more than 60% of security attacks in an organization occur due to mistakes by its own employees. Make sure your employees are aware of cyber security best practices as well as the latest cyber threats. An organization's awareness of the latest and most commonly exploited vulnerabilities can help in prioritizing security measures. Sharing real-time cyber security threat intelligence makes cyber defense more effective, and several organizations are already implementing it.

3. Use advanced security solutions

Choose and implement the best advanced security solutions (such as antivirus solutions, which can provide the first line of security defense) to protect against various cyber security threats and to provide efficient endpoint protection.

4. Implement a cyber security action plan

Ensure an effective cyber security action plan (such as keeping log records, proper law enforcement, etc.) to avoid, as well as to confront, any future security risks.


3) Promptly informing customers about the cyber attack

Along with identifying and containing the attack, it is equally necessary to inform your customers about it. Even large companies have a history of not disclosing cyber attacks in a timely manner, even to those affected by them (their customers); often, they inform customers only months after identifying and containing the attack. To prevent this and to establish an efficient response plan, liaise with your IT, PR and marketing teams to prepare and implement a proper communication plan about the attack, and include in this plan information on compensation as well as measures (implementing new cyber security protocols) taken to prevent future security threats, if any.

Being prepared and taking quick action are vital to recovering effectively from a cyber security attack and to gaining customers' goodwill. This will help to maintain business success and generate profit.


October 2018